
Bug#990246: marked as done (vlc: reproducible builds: Embeds build username and hostname in binaries)



Your message dated Sat, 12 Mar 2022 22:35:23 +0000
with message-id <E1nTAKZ-000Iy3-4n@fasolo.debian.org>
and subject line Bug#990246: fixed in vlc 3.0.17-1
has caused the Debian Bug report #990246,
regarding vlc: reproducible builds: Embeds build username and hostname in binaries
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
990246: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990246
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: vlc
Severity: normal
Tags: patch
User: reproducible-builds@lists.alioth.debian.org
Usertags: username hostname
X-Debbugs-Cc: reproducible-bugs@lists.alioth.debian.org

The build username and build system hostname are embedded in binaries
shipped in vlc:

  https://tests.reproducible-builds.org/debian/rb-pkg/bullseye/amd64/diffoscope-results/vlc.html

  ./usr/lib/x86_64-linux-gnu/libvlccore.so.9.0.0 

  pbuilder1
  vs.
  pbuilder2

  ionos11-amd64
  vs.
  i-capture-the-hostname

The attached patch fixes this by setting VLC_COMPILE_BY and
VLC_COMPILE_HOST to empty values in configure.ac.


This patch does not address all reproducibility issues in vlc
(e.g. build paths), though applying it reduces the diff for the
remaining issues.


Thanks for maintaining vlc!


live well,
  vagrant
From 01e2dcc51b31f1a06bcd07faa0ae3fbd0ddbe9c6 Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian <vagrant@reproducible-builds.org>
Date: Wed, 23 Jun 2021 19:33:47 +0000
Subject: [PATCH 1/3] Disable embedding the build hostname and username in the
 binaries.

https://tests.reproducible-builds.org/debian/issues/user_hostname_manually_added_requiring_further_investigation_issue.html
---
 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/configure.ac b/configure.ac
index 7db5256a8..5d6324cf9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -4324,8 +4324,8 @@ AC_SUBST(VERSION_MINOR)
 AC_SUBST(VERSION_REVISION)
 AC_SUBST(VERSION_EXTRA)
 AC_SUBST(COPYRIGHT_YEARS)
-AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "`whoami|sed -e 's/\\\/\\\\\\\/g'`", [user who ran configure])
-AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "`hostname -f 2>/dev/null || hostname`", [host which ran configure])
+AC_DEFINE_UNQUOTED(VLC_COMPILE_BY, "", [user who ran configure])
+AC_DEFINE_UNQUOTED(VLC_COMPILE_HOST, "", [host which ran configure])
 AC_DEFINE_UNQUOTED(VLC_COMPILER, "`$CC -v 2>&1 | tail -n 1 | sed -e 's/ *$//'`", [compiler])
 dnl
 dnl  Handle substvars that use $(top_srcdir)
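Review bot: the two replaced AC_DEFINE_UNQUOTED lines hard-code "" for VLC_COMPILE_BY and VLC_COMPILE_HOST, so no builder can supply a value any more. Consider reading both from overridable configure variables, so that a packaging build can pin them to fixed strings while other builds keep the information. The description arguments "[user who ran configure]" and "[host which ran configure]" no longer describe an empty constant and should be reworded. The VLC_COMPILER line in the trailing context still captures the last line of `$CC -v` at configure time, which is also taken from the build environment and is worth checking for the same class of issue.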
-- 
2.32.0


--- End Message ---
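A check a packager could run over a build tree to confirm that the values the removed configure.ac lines captured (the output of `whoami` and `hostname`) no longer appear in any output file. This is an added example, not part of the bug report or of the vlc packaging; the function names are illustrative.

```sh
#!/bin/sh
# Added example: report build outputs that embed the builder's identity.
# scan_for_identity and check_build_tree are illustrative names.

# scan_for_identity DIR NEEDLE...
# Prints "<needle><TAB><file>" for every file under DIR that contains a
# needle as a fixed byte string. Returns 0 if the tree is clean, 1 if not.
scan_for_identity() {
    dir=$1; shift
    found=0
    for needle in "$@"; do
        # An empty needle (e.g. hostname lookup failed) would match every
        # file with grep -F, so skip it instead of reporting noise.
        [ -n "$needle" ] || continue
        # -a: treat binaries as text, -F: literal match, -l: file names only
        hits=$(grep -rlaF -- "$needle" "$dir" 2>/dev/null) || continue
        found=1
        printf '%s\n' "$hits" | while IFS= read -r f; do
            printf '%s\t%s\n' "$needle" "$f"
        done
    done
    return "$found"
}

# check_build_tree DIR
# Scans for the same two values the old configure.ac lines recorded.
check_build_tree() {
    user=$(whoami 2>/dev/null || true)
    host=$(hostname -f 2>/dev/null || hostname 2>/dev/null || true)
    scan_for_identity "$1" "$user" "$host"
}
```

Very short or common user names such as `root` match unrelated strings, so run the check from a build account and host whose names are distinctive.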
--- Begin Message ---
Source: vlc
Source-Version: 3.0.17-1
Done: Sebastian Ramacher <sramacher@debian.org>

We believe that the bug you reported is fixed in the latest version of
vlc, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 990246@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastian Ramacher <sramacher@debian.org> (supplier of updated vlc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Mar 2022 20:40:54 +0100
Source: vlc
Architecture: source
Version: 3.0.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Changed-By: Sebastian Ramacher <sramacher@debian.org>
Closes: 990246 1004584
Changes:
 vlc (3.0.17-1) unstable; urgency=medium
 .
   * New upstream version 3.0.17
     - Fix build with ffmpeg 5.0 (Closes: #1004584)
   * debian/control:
     - Switch to libidn-dev
     - Bump BD on libopenmpt-modplug-dev
     - Bump Standards-Version
   * debian/copyright:
     - Add missing text to BSD-2-clause
     - Update copyright for 3.0.17
   * debian/patches: Refresh patches
   * debian/rules: Set VLC_COMPILE_BY and VLC_COMPILE_HOST (Closes: #990246)
   * debian/: Update lintian override

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
